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IN THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF CLAIMS: 



1 1 . (original) A gateway for mobile access, comprising: 

2 a foreign agent that receives user profile data and session state data from a home 

3 authentication, authorization and accounting (AAA) system of a mobile node; 

4 at least one dynamic packet filter that performs multi-layer filtering based on the 

5 user profile data; 

6 wherein the foreign agent transfers a session from a first network to a second 

7 network without session interruption, using the session state data, when the mobile node 

8 moves from the first network to the second network, and 

9 the foreign agent uses the dynamic packet filter to permit Internet access by the 

10 mobile node without passing Internet data requested by the mobile node through a 

1 1 network in which the home AAA system is located. 

1 2. (original) The gateway of claim 1, further comprising a MAC-address- 

2 based filter which blocks packets except for authentication packets that are used to 

3 authenticate mobile nodes. 

1 3. (original) The gateway of claim 1, wherein the dynamic packet filter 

2 performs network layer filtering and one of the group consisting of transport layer 

3 filtering and application layer filtering. 

1 4. (original) The gateway of claim 1, further comprising a non-volatile 

2 storage device in which the user profile data are stored. 
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1 5. (original) The gateway of claim 1, wherein the non- volatile storage device 

2 has a database that stores state information for each active user session. 



1 6. (original) The gateway of claim 1, wherein the gateway is coupled to at 

2 least one access point, and the gateway transmits from a AAA server in the gateway to the 

3 access point an identification of whether a mobile node in communication with the access 

4 point is successfully authenticated by the AAA server. 

1 7. (original) The gateway of claim 1, wherein the gateway exchanges AAA 

2 data with the home AAA system of the mobile node by way of the Internet, and the 

3 gateway provides Internet access to the mobile node without passing Internet data 

4 requested by the mobile node through the network of the home AAA system. 

1 8. (currently amended) The gateway of claim 7, wherein the gateway relays 

2 remote authentication dial-in user service packets to the home AAA system server . 

1 9. (currently amended) The gateway of claim 1, wherein the gateway has a 



2 foreign agent [[that]] communicates with the home AAA system of the mobile node, and 

3 the foreign agent is capable of operating in a relay mode, in which the foreign agent 

4 forwards packets to the home AAA system of the mobile IP node for authentication, or in 

5 a standalone mode, in which authentication computations for the simple IP mobile node 

6 are performed in the gateway. 



1 10. (currently amended) The gateway of claim 1, wherein the user profile data 

2 include per-user policies dynamically obtained from the home AAA system server of the 

3 mobile node and the gateway further the dynamic packet filter is included in a firewall 

4 that uses packet filtering rules that depend on the per-user policies. 

1 11. (original) The gateway of claim 10, wherein the firewall includes rules that 

2 check a media access control address associated with each received packet. 
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1 12. (original) The gateway of claim 1, further comprising an 802.11 access 

2 point contained within or attached to a housing of the gateway. 

1 13. (original) The gateway of claim 1, further comprising a wireless modem 

2 contained within or attached to a housing of the gateway. 

1 14. (original) The gateway of claim 1 , further comprising: 

2 an 802.1 1 access point contained within or attached to a housing of the gateway; 

3 and 

4 a wireless modem contained within or attached to a housing of the gateway. 

1 15. (original) A gateway for mobile access, comprising: 

2 a foreign agent that receives user profile data from a home authentication, 

3 authorization and accounting (AAA) system of a client, when the client establishes a 

4 session with the gateway; 

5 a dynamic packet filter that performs multi-layer filtering based on the user profile 

6 data; 

7 an access point contained within or attached to a housing of the gateway, for 

8 communication between the gateway and the client; and 

9 a wireless modem contained within or attached to a housing of the gateway, 

1 0 wherein the gateway is mobile, and the modem permits wireless communication between 

1 1 the gateway and a wireless network. 

1 16 (original). The gateway of claim 15, wherein the gateway provides Internet 

2 access to the client without passing Internet data requested by the client through a 

3 network containing the home AAA system of the client. 

1 17. (previously presented) The gateway of claim 15, wherein the foreign agent 

2 is capable of obtaining a new IP address when the gateway moves from a first network to 

3 a second network. 
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1 18. (original) The gateway of claim 16, wherein, the foreign agent is capable 

2 of advertising the new IP address to the client. 

1 19. (original) The gateway of claim 15, wherein the dynamic packet filter 

2 performs network layer filtering and one of the group consisting of transport layer 

3 filtering and application layer filtering. 

1 20. (original) The gateway of claim 15, further comprising a non- volatile 



2 storage device that stores the session state data, and means for transmitting the stored 

3 session state data to the client if the client loses a connection with the gateway and 

4 resumes the connection with the gateway. 



1 21. (canceled) 

1 22. (canceled) 

1 23. (canceled) 

1 24. (canceled) 

1 25. (canceled) 

1 26. (canceled) 

1 27. (canceled) 

1 28. (canceled) 

1 29. (original) A computer readable medium encoded with computer program 



2 code, wherein, when the code is executed by a processor, the processor performs a 

3 method for controlling mobile access, comprising the steps of: 
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4 filtering incoming packets based on a media access control address of each 

5 packet; 

6 obtaining user profile data of a mobile IP node from a home authentication, 

7 authorization and accounting (AAA) server of a mobile IP node, to determine whether the 

8 mobile IP node is registered to access a network by way of a gateway; 

9 performing multi-layer filtering based on the user profile data; 

10 transferring a session from a first network to a second network in which the 

1 1 mobile IP node is located without session interruption when the mobile node moves to 

1 2 the second network; and 

13 providing Internet access to the mobile IP node without passing Internet data 

14 requested by the mobile IP node through a network in which the home AAA server is 

1 5 located. 

1 30. (canceled) 
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